Seventy-four per cent of senior executives feel exposed to cybercrime, according to the annual security survey carried out by SafeNet.
1,200 senior IT and security professionals were asked how secure they believe their corporate network to be against a security breach. Of those respondents, only 26 per cent said they had full confidence in the security of their network, describing it as very secure.
The majority of respondents - 67 per cent - said they were not fully confident about protecting their networks from security breaches, while the remaining seven per cent admitted they considered it to be not at all secure. This latter result indicates a rise in network vulnerability over the last year, as just two per cent of respondents admitted to feeling so exposed when asked the same question in 2006.
In one year, the number of organisations that feel very vulnerable to cybercrime has almost quadrupled, said Gary Clark, VP EMEA, SafeNet. It does not bode well for the Board, shareholders or customers if the IT experts within their organisations have such low confidence in current security measures.
In terms of specific fears, 32 per cent cited employee misuse and theft of information as their main concern, while 27 per cent named unauthorised access to information systems by outsiders as their top security worry. The theft or loss of mobile devices that hold sensitive data was the biggest fear for 20 per cent of respondents. These top three concerns nearly mirror the results of 2006, showing that twelve months on, the same issues have still not been resolved.
It is clear that, in many cases, not enough is being done to protect organisations critical information. Only enforced security standards that focus on staff education and the smart use of technology, with the full support of senior executives, will successfully tackle this fear factor, said Clark. This has to happen sooner rather than later, before the security fears become a reality.
[An obvious question is why the confidence in network security has declined so much and so rapidly. Unfortunately SafeNet don't explain the method used for sampling these results but presuming sound statistical methods were used it looks as if the process of generating security awareness is accelerating, probably due to a number of factors, e.g. the public discussion of identity theft and data losses. These factors have presumably lead to sysadmins and network admins taking a closer look at their own security situation and realising how precarious it actually is.
This is a necessary step in the process towards more secure networks. Let us now hope that this new knowledge leads to healthy architectural approaches being taken rather than more money being spent on inefficient point solutions!
There is actually a deeper and often overlooked issue here. As pointed out on numerous occasions by e.g. Bruce Schneier and your humble editor, buyers, even qualified buyers, cannot rationally decide whether the quality of a solution they consider, is sufficient - or even if a security product is fit for purpose or simply snake oil (a side effect of this is, as pointed out by a Swedish chap, whose name escapes me but who won a Nobel price in economics for it, that because of ignorance better and more expensive products don't get bought. Thus the best products tend to disappear from the market and the 'lemons' remain. Information security illustrates this better than most fields).
This technological deficiency needs to be compensated somehow, and the only way to accomplish that is through good security structures at the corporate level, i.e. through management measures which are understood. Even those who sell these architecture service don't often mention this, probably because very few individuals understand information security both at the technical and the management level. --Ed].
Related links: (Open in a new window.)
www.safenet-inc.com
View printable version (opens in new window)
Back